SASL issue with Postfix

Discussion in 'Server Operation' started by martini, Feb 12, 2007.

  1. martini

    martini New Member

    Hi, (first post here)

    I'm having spam relaying issues on my server, so I've tried my best to make it harder for them by using SASL and adding the following to /etc/postfix/main.cf:

    maps_rbl_domains =
        sbl.spamhaus.org
        relays.ordb.org
        cbl.abuseat.org
        bl.spamcop.net
        pbl.spamhaus.org
        xbl.spamhaus.org

    smtpd_client_restrictions =
        reject_rbl_client sbl.spamhaus.org
        reject_rbl_client relays.ordb.org
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client bl.spamcop.net
        reject_rbl_client pbl.spamhaus.org
        reject_rbl_client xbl.spamhaus.org

    This has sorted out the spam from being relayed from my box, but now when I try to send email from Thunderbird I get the following message:

    Feb 12 21:32:02 postfix/smtpd[29163] NOQUEUE: reject: RCPT from hostXX-XXX-XXX-XXX.rangeXX-XXX.btcentralplus.com[XXX.XXX.XXX.XXX]: 554 Service unavailable; Client host [XX.XXX.XXX.XXX] blocked using pbl.spamhaus.org; http://www.spamhaus.org/query/bl?ipXX.XXX.XXX.XXX; from=<myemail@mydomain.com> to=<external-test-email@gmail.com> proto=ESMTP helo=<[192.168.2.88]>
    Feb 12 21:32:02 postfix/smtpd[29163] warning: XXX.XXX.XXX.XX.relays.ordb.org: RBL lookup error: Host or domain name not found. Name service error for name=XXX.XXX.XXX.X.relays.ordb.org type=A: Host not found, try again
    Feb 12 21:31:53 postfix/smtpd[29163] connect from hostXX-XX-XXX-XXX.rangeXX-XXX.btcentralplus.com[xx.xxx.x.xx.xx]

    Without the smtpd_client_restrictions and maps_rbl_domains settings it works fine, so I know that I've got the SASL password working in Thunderbird. I would like to be able to use both to stop spam.

    Any help please?

    Kind regards

    Dan
     
  2. till

    till Super Moderator

    What is the output of:

    postconf -n | grep mynetworks
     
  3. martini

    martini New Member

    hi till,

    I get the following from

    #./postconf -n | grep mynetworks
    mynetworks_style = host
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

    does this help?

    cheers

    Dan
     
  4. falko

    falko Super Moderator

    There seems to be a DNS lookup problem. Have you checked if
    Code:
    dig XXX.XXX.XXX.X.relays.ordb.org
    works on your system? Do you have valid nameservers in /etc/resolv.conf?
     
  5. martini

    martini New Member

    Hi Falko,

    Thanks for the help.

    11.222.333.444 = the IP address of my home PC that I'm trying to send mail from. The domain I'm sending it from is Domain2.com.

    55.555.555.555 = my server IP address. It has a main domain of Domain1.com. I have multiple domains on this server.

    Log snippet

    Feb 12 21:32:02 postfix/smtpd[29163] warning: 444.333.222.11.relays.ordb.org: RBL lookup error: Host or domain name not found. Name service error for name=444.333.222.11.relays.ordb.org type=A: Host not found, try again

    Console

    $ dig 11.222.333.444

    ; <<>> DiG 9.3.4 <<>> 11.222.333.444
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1890
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;11.222.333.444. IN A

    ;; AUTHORITY SECTION:
    . 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007021400 1800 900 604800 86400

    ;; Query time: 15 msec
    ;; SERVER: 55.555.555.555 #53(55.555.555.555 )
    ;; WHEN: Wed Feb 14 20:45:13 2007
    ;; MSG SIZE rcvd: 107


    When I look in /etc/resolv.conf I only see the main domain name for my server, Domain1.com. I do not see the domain name for the domain from which I am trying to send the mail, Domain2. My server has multiple domains on it. Could this be the problem?

    $more /etc/resolv.conf
    nameserver 55.555.555.555
    search Domain1.com
    domain Domain1.com


    Hope this makes sense. I'm only starting out and find this help really useful.

    cheers

    Dan
     
  6. falko

    falko Super Moderator

    Put this into /etc/resolv.conf and try again:
    Code:
    nameserver 145.253.2.75
    nameserver 193.174.32.18
     
  7. martini

    martini New Member

    Hi Falko,

    Who do those IP addresses belong to?

    What will this do?

    Many thanks in advance

    Dan
     
  8. edge

    edge HowtoForge Supporter

    Both IPs are from 'open' name servers that are located in Germany.

    Lots of people use them.
     
  9. martini

    martini New Member

    Hi,

    I've added those IP addresses to my /etc/resolv.conf but still get the message from spamhaus.org saying that my IP address is being blocked by them as it is on their PBL list.

    "An error occurred while sending mail. The mail server responded: Service unavailable; Client host [my home ip address] blocked using pbl.spamhaus.org;
    http://www.spamhaus.org/query/bl?ip="my home ip address". Please verify that your email address is correct in your Mail preferences and try again"

    I went to Spamhaus and "my home ip address" is on their list. I have turned on SMTP authentication in Thunderbird but it still doesn't let me send mail with Spamhaus turned on. Annoyingly, Spamhaus only provides instructions for other email clients, not Thunderbird.

    any ideas?

    Many thanks

    Dan
     
  10. falko

    falko Super Moderator

    You can ask spamhaus to remove your IP address, but I doubt they will do it if you have a dynamic IP address.
     
  11. martini

    martini New Member

    I checked on the Spamhaus site and I'm in the PBL list.

    This page tells me that I just need to make sure that my email client

    from http://www.spamhaus.org/pbl/removal/
    If you are simply using normal email software, such as Outlook, Entourage, Thunderbird, Apple Mail, and you are being blocked by a Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email software settings (Tools : Accounts : Properties : Outgoing Mail Server : Check the "My server requires authentication" box). You do NOT need to remove your IP address from the PBL.

    But I had thought I had done that. My server only allows SASL and it is turned on. But somehow Spamhaus doesn't accept my SASL.

    Any ideas? (thanks for your continued help on this)

    Dan
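
Added example, not part of any post in this thread: a simplified Python model of how Postfix walks its restriction lists, fed with the settings posted above. It shows why a SASL-authenticated client on the PBL is still rejected when permit_sasl_authenticated appears only in smtpd_recipient_restrictions, and what changes when it is listed ahead of the reject_rbl_client entries. The client IP 192.0.2.10, the helper names and the reordered list are assumptions made for this example.

```python
# Simplified model of Postfix smtpd restriction evaluation (added example).
# Only the client and recipient lists are modelled; sample values are constructed.

PBL_LISTED = {"192.0.2.10"}  # constructed stand-in for the home IP on the PBL
ZONES = ("sbl.spamhaus.org", "relays.ordb.org", "cbl.abuseat.org",
         "bl.spamcop.net", "pbl.spamhaus.org", "xbl.spamhaus.org")
RBL = [f"reject_rbl_client {zone}" for zone in ZONES]
RECIPIENT = ["permit_mynetworks", "permit_sasl_authenticated",
             "reject_unauth_destination"]

# Settings as posted in the thread.
AS_POSTED = {"smtpd_client_restrictions": RBL,
             "smtpd_recipient_restrictions": RECIPIENT}
# Assumption for this example: trusted clients are permitted before the RBL checks.
REORDERED = {"smtpd_client_restrictions":
                 ["permit_mynetworks", "permit_sasl_authenticated"] + RBL,
             "smtpd_recipient_restrictions": RECIPIENT}

def client(sasl_ok):
    """Constructed remote client sending to an external recipient."""
    return {"ip": "192.0.2.10", "mynetworks": {"127.0.0.1"},
            "sasl_ok": sasl_ok, "rcpt_is_local": False}

def check(restriction, c):
    """Return 'permit', 'reject' or None (no decision) for one restriction."""
    if restriction == "permit_mynetworks":
        return "permit" if c["ip"] in c["mynetworks"] else None
    if restriction == "permit_sasl_authenticated":
        return "permit" if c["sasl_ok"] else None
    if restriction.startswith("reject_rbl_client "):
        zone = restriction.split()[1]  # only the PBL returns a listing here
        listed = zone == "pbl.spamhaus.org" and c["ip"] in PBL_LISTED
        return "reject" if listed else None
    if restriction == "reject_unauth_destination":
        return None if c["rcpt_is_local"] else "reject"
    raise ValueError(f"restriction not modelled: {restriction}")

def evaluate(config, c):
    """Each list is evaluated in turn. A permit ends only its own list;
    a reject in any list rejects the recipient."""
    for name in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        for restriction in config.get(name, []):
            verdict = check(restriction, c)
            if verdict == "reject":
                return f"reject ({name}: {restriction})"
            if verdict == "permit":
                break
    return "accept"
```
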
     
  12. falko

    falko Super Moderator

    I don't think they will remove dynamic IP addresses.
     
